Do you still use the same password for every one of your online accounts? Once upon a time, like a lot of people I know, I also used 2-3 different passwords for my many accounts. Although I appeased my secret concern with the knowledge that at least I had several instead of just one, I knew it wasn't enough. But like many of you, too, I struggled with the idea of being able to easily recall more than a few. I mean, really? You want me to remember 10 different passwords? As if...
Sadly, it's no longer really a luxury to say, "That's just too hard," and give up without looking for a solution that will work. We owe it to ourselves to put in a little bit of effort to ensure our data is secure. Who among us doesn't know someone affected by identify theft? Or someone who knows someone...?
After trying a number of possibilities, months ago I hit on a plan that's worked well for me. After two recent heart-to-hearts with a people still using a single password for everything, and hearing their positive responses to my little system, it occurred to me that maybe some of you can benefit from its use, too. So I decided to share it with you here.
Of course there are alternatives. My idea may not work for you. Peek around the net and I'm sure you'll find all sorts of advice on how to handle multiple passwords. Regardless of what you choose, though, I hope this will encourage those of you still using a single password to at least look into finding a way to better secure your data.
Please also know: this isn't one-size-fits-all. If you decide to try it, you're going to have to tweak it for your own use. I won't even suggest that you won't have to keep some secret, private notes that will help you recall the ones that slip your mind. But if I can make this process work for me, I'm confident it could work for you, too. In fact, setting up your version of such a system might just take you less time than reading through my super-detailed explanation of how it works! But if you're intrigued, read on:
Decide if you want to use the same password for specific kinds of accounts. Consider the ways you want to group their usage:
- Shopping sites like Amazon, Ebay and LivingSocial could have one password,
- Entertainment sites like Netflix and Pandora, another. (Especially since this kind of password may be shared with a friend who needs to log in to Pandora to start the music for the party you're hosting together. You won't reveal WHY this is your password, but you'll know that the one used for this kind of account may be shared and therefore is ONLY to be used for such low-level security accounts.)
- Social media accounts like Facebook, Twitter and LinkedIn could be accessed with yet another.
- Email accounts. Maybe you only have one. Lucky you. Maybe you have 5. Do you want to use the same password for all email accounts? You have choices.
- Financial institutions. This one is the stickiest one. Maybe you want to use the same one for all, or perhaps you want to really tighten this one down and use something unique for each one: one for your bank account, another for your PayPal account...
- And etc.
Choose a phrase that can apply to lots of different life situations. I recommend one that could begin many sentences that are true for or applicable to you, but which wouldn't be immediately obvious to others.
A few examples:
- Seattle is a city that...
- It's fun to remember when I...
- My best friend likes it when I...
- That was the summer we...
Remember that some services require an 8 digit minimum and others require you include at least one number and at least one letter. Perhaps you'll just decide to include a number in all your passwords and that they will all be at least 8 digits long. Might save you time later...
If so, choose an easy-to-remember number that isn't, nonetheless, obviously connected with your current life. Instead of using an obvious digit (people love "1" or "123" but you have so many more options,) you might use the first 3 digits of your childhood best friend's phone number. Maybe your high school boyfriend's jersey number! Or your street address from when you were in the 3rd grade.
Now decide where the digit will appear within the sequence. The more consistent you can be with this, the easier your resulting passwords will be for you to recall without the need to look up hints.
Decide if you'll use all lower case, all caps, or a combination of the two.
Put it all together. Take your chosen phrase from the first list and apply it generically to the second set, working in whatever scheme you've hit upon for capitalization and numeral inclusion plus placement:
New Password Example Set 1:
- "Seattle is a city that offers great shopping." Therefore some derivative passwords for your shopping accounts could be the acronym SIACTOGS. Maybe I'll choose to write it this way instead: siacTogs. Or siac22togs, or even Siac664togS.
- "Seattle is a city that keeps me entertained." Here's the base for your entertainment account passwords like Netflix: siactkme, s9iactkme, SIACtkme.
- "Seattle is a city that makes me want to stay in touch." One of the many reasons we use email is to stay in touch. So it's easy enough to recall siactmmwtsit for your email account(s).
Perhaps the city idea doesn't appeal to you at all. That's the beauty of your personal involvement in setting up the system that works for YOU!
New Password Example Set 2:
- "It's fun to remember when I became financially comfortable" gives you a great password hint for your PayPal account: iftrttibfc or iftrw22Ibfc.
- "It's fun to remember when I got my first checking account" gives you a useful base for your new bank account password: ifTR886wigmfca.
- "It's fun to remember when email seemed like such a novelty" can be the hint for the passwords you use for your email accounts: iftr8weSLSAN.
New Password Example Set 3:
- "My best friend likes it when we meet for shopping marathons" could be great for your Amazon, Overstock and JJiill accounts: m44bfliwwmfsm.
- "My best friend likes it when we support each other's financial goals" can yield mbfliWWseofg, changing up the side-by-side ww to caps, for added security to your Paypal account. Reference to "financial goals" is enough of a clue that you'll know it's related to a financial account.
- Choose only one or two phrases you know you'll remember. NOT 4 like I included above. Those were just ideas to get you thinking.
- The possibilities really are unlimited.
- Don't use the ones I mentioned above. Find your own private phrases!
- Don't share your secret phrase with anyone. (Otherwise, it becomes easier to crack ALL your passwords, if someone's onto what you're doing, and happened to want to crack them.)
- Don't keep your password hints in an obvious place. A word document called "My Passwords" is not recommended.
- If you do decide to keep all your password hints in a comptuer file, maybe you'll want to put them in a place you'll know where to find them but which isn't obvious to anyone else. Maybe you'll want to call your secret password hint file: "places to visit in stokesdale," protect it with its own non-system-based password, then tuck it away in a rarely-used folder called "Pictures from my November artist outing."
- In THAT file, you can include only the basic hints. Since you've elected to use a phrase that's obvious to you, such as "That was the summer we..." for inclusion in your new set of passwords, you never include that phrase anywhere within the document itself. Then, just as some online account setups come with a password hint like "what is your mother's maiden name," you'll have your own hints.
What entries within a master hint document might look like:
- FB = gm, were good at keeping in touch // Translation: Facebook login is your gmail address and your password is TWTSW55wgatit.
And I know this because out of all the possible variations I've considered, perhaps I decided upon "that was the summer we" for my consistent phrase, then decided to type the first part in all caps, add the number "55" inside, and ensure the last part is always lowercase. That Was The Summer We 55 were good at keeping in touch.
- Amazon = ym we shopped in every town we visited
While these hints are nonsensical to the untrained eye, what I know from what is included in my notes is that my amazon account is associated with my yahoo mail account and that the last part of my password will be wsietwv. So my amazon password here becomes TWTSW55sietwv.
Final thoughts and questions:
Certainly it's not necessary to go overboard. Maybe you aren't as worried about tightening down the security of your "shopping" accounts. Because I've built in all the other layers of privacy, maybe I'll feel it's fine just to make all shopping accounts "twtswsietwv" because "that was the summer we shopped in every town we visited" is more than enough to remind me. But then I've broken the pattern, and have to remember that sometimes I've used all lowercase and left out the digits. Maybe that's an issue for me (and my faltering memory) and maybe it's not... You get to decide how uniform your new passwords are or how much deviation you can handle.
Keep in mind that my examples and ideas include lots of variations and I don't think it's necessary to go so far as to employ every single one of these ideas. To me, doing so would feel like going too far. Like I'm being overly paranoid. But for you, maybe not! Still, we have to be smart these days.
One more thing: while I've been using my system for months now, I haven't completely converted all my old passwords to the "formula" based patterns I've described here. We have to go easy on ourselves. There's enough keeping us busy without the added stress of changing every single password at once. Still, it's been an awesome plan for me, and periodically I change another one, and another one, always use the system when I set up a new account. In that way, it's working for me better and better...
What about you? Do any of these ideas sound useful to you? Do you have others to throw into the mix to help other readers who may be looking for useful systems they can recall while feeling more secure than they currently do? I'd love to hear your ideas!